827 matches found
Design/Logic Flaw
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
CVE-2020-28469
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
CVE-2020-28469 Regular Expression Denial of Service (ReDoS)
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
CVE-2020-28469
CVE-2020-28469 affects the glob-parent package prior to v5.1.2. The flaw arises from the enclosure-regex used to validate strings ending in an enclosure that contains a path separator. The described effect is a Regular Expression Denial of Service (ReDoS) scenario. Affected software/component: gl...
Security Bulletin: A security vulnerability in Node.js glob-parent module affects IBM Cloud Automation Manager.
Summary: A security vulnerability in Node.js glob-parent module affects IBM Cloud Automation Manager. Vulnerability Details: CVEID: CVE-2020-28469. DESCRIPTION: Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit th...
nodejs resource management error vulnerability
nodejs is a JavaScript runtime environment built on the Chrome V8 engine. By wrapping the V8 engine and using event-driven, non-blocking I/O, it makes it possible to develop high-performance backend applications in JavaScript. A resource management error vulnerability exists in...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update
Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CVE-2020-28469
A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...
Regular Expression Denial Of Service (ReDoS)
glob-parent is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists as the enclosure regex used to check for strings ending in enclosure containing path separator has an unescaped exclamation mark...
Regular Expression Denial of Service (ReDoS)
Overview: glob-parent is a package that helps extract the non-magic parent path from a glob string. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The enclosure regex used to check for strings ending in enclosure containing path separator. PoC by...
PT-2021-11537 · Npm +5 · Glob-Parent +5
Name of the Vulnerable Software and Affected Versions: glob-parent versions prior to 5.1.2. Description: The issue is related to the enclosure regex used to check for strings ending in enclosure containing path separator. Recommendations: For versions prior to 5.1.2, update to version 5.1.2 or lat...
PYSEC-2020-141
In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...
CVE-2020-26269
In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...
PT-2020-16392 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.4.0rc. Description: The general implementation for matching filesystem paths to globbing pattern in TensorFlow is vulnerable to an access out of bounds of the array holding the directories. This issue arises due to...
Arbitrary Code Execution
glibc is vulnerable to arbitrary code execution. A use-after-free in the glob function when expanding ~user allows an attacker to execute arbitrary code on the host OS...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that when processed by the glob function would potentially lead to arbitrary code execution. This was fixed in version 2.32.
...
DEBIAN-CVE-2020-1752
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially...
CVE-2020-1752
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially...
CVE-2020-1752
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially...